Monday, September 15, 2014

Twitter unleashes bug bounty program

Online social networking service Twitter has launched a bug bounty program in an effort to eliminate security flaws, giving researchers the opportunity to formally disclose vulnerabilities and receive a reward in return. Twitter has outsourced the program to HackerOne. There is no maximum limit on the reward, but a minimum reward of $140 is offered for one vulnerability. The security flaws include XSS, CSRF, remote code execution, and unauthorized access to tweets and direct messages. The only way for a researcher to be eligible for a monetary reward is to report the bug and not disclose it publicly until the patch is available.